[cisco-voip] Connection LDAP Authentication

STEVEN CASPER SCASPER at mtb.com
Mon Aug 31 13:26:39 EDT 2009


Ended up being the DN syntax. From Netpro:
 
bmagnani ( http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_user_info%26location%3D.2cd46e66&author=bmagnani ) 

Aug 31, 2009, 7:54am PST 
Steven, 

This is because you most likely aren't using the proper syntax for Distinguished Name. It needs to be in the format below (insert your company's structure): 

CN=ucadmin,OU=Cisco,OU=Service Accounts,DC=mandt,DC=bank,DC=com 

The LDAP Directory configuration page will work with your current syntax, but the authentication will not. I would advise changing them both to the above syntax. If you're not sure what your syntax involves, the ADSIEdit tool from a Windows machine can give you the proper string that you can just paste in there. 

Hope that helps, 
Brad

>>> Jonathan Charles <jonvoip at gmail.com> 8/31/2009 10:32 AM >>>
Well, I think you need more rights to do an authentication than a sync....

I would give the DN full control over a few AD users and see if that
fixes em, if it does, then it is clearly a rights issue.



J

On Mon, Aug 31, 2009 at 9:28 AM, STEVEN CASPER<SCASPER at mtb.com> wrote:
> It does, what is interesting is I am using the same account for the
> Directory Configuration page and I can run a successful synch and import
> LDAP users.
>
> Steve
>
>>>> Jonathan Charles <jonvoip at gmail.com> 8/31/2009 7:51 AM >>>
> You have an invalid DN.
>
> At least that is what error code 34 points to...
>
> I would check the DN you are binding to AD with, does it have read
> access to all objects?
>
>
>
> Jonathan
>
> On Fri, Aug 28, 2009 at 2:11 PM, STEVEN CASPER<SCASPER at mtb.com> wrote:
>>  I have LDAP synchronization working between Connection 7.1.2a and AD
>> 2008.
>> I can synch and import users. I am now trying to set up the authentication
>> piece and am getting the following error when I try to save my LDAP
>> Authentication configuration:
>>
>> Error while Connecting to ldap://recasp.test.mtb.com:389/Test\TVCCUPS,
>> javax.naming.InvalidNameException: Test\TVCCUPS: [LDAP: error code 34 -
>> 0000208F: LdapErr: DSID-0C09070B, comment: Error processing name, data 0,
>> v1771]; remaining name \'Test\TVCCUPS\'
>>
>>  I am using the same LDAP Manager Distinguished Name, passwords, target
>> Domain Controller servers and LDAP port that I used to set up the LDAP
>> Directory configuration. This ID is set to read all user accounts. Do I
>> need
>> an account with more permissions or should this work?
>>
>> Thanks,
>> Steve
>>
>> ************************************
>> This email may contain privileged and/or confidential information that is
>> intended solely for the use of the addressee.  If you are not the intended
>> recipient or entity, you are strictly prohibited from disclosing, copying,
>> distributing or using any of the information contained in the
>> transmission.
>> If you received this communication in error, please contact the sender
>> immediately and destroy the material in its entirety, whether electronic
>> or
>> hard copy.  This communication may contain nonpublic personal information
>> about consumers subject to the restrictions of the Gramm-Leach-Bliley Act
>> and the Sarbanes-Oxley Act.  You may not directly or indirectly reuse or
>> disclose such information for any purpose other than to provide the
>> services
>> for which you are receiving the information.
>> There are risks associated with the use of electronic transmission.  The
>> sender of this information does not control the method of transmittal or
>> service providers and assumes no duty or obligation for the security,
>> receipt, or third party interception of this transmission.
>> ************************************
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net 
>> https://puck.nether.net/mailman/listinfo/cisco-voip 
>>
>>
>

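An added example, not code from any poster in this thread or from Cisco: a Python pre-check that tells an RFC 4514 distinguished name (the `CN=...,OU=...,DC=...` form recommended above) apart from a `DOMAIN\user` name like the one in the error, so a bind identity can be validated before it is saved. The function names are hypothetical, and the `user@domain` case goes beyond what the thread covers.

```python
import re
# RFC 4514 attributeType: a descriptor (CN, OU, DC, ...) or a numeric OID
ATTR_TYPE = re.compile(r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)")
ESCAPABLE = set('"+,;<>\\ #=')          # characters that may follow a backslash
HEX = set("0123456789abcdefABCDEF")

def split_unescaped(text, sep):
    """Split on sep, skipping RFC 4514 escapes such as '\\,' or '\\2C'."""
    parts, start, i = [], 0, 0
    while i < len(text):
        if text[i] == "\\":
            nxt = text[i + 1:i + 3]
            if nxt[:1] in ESCAPABLE:
                i += 1                   # backslash + one special character
            elif len(nxt) == 2 and set(nxt) <= HEX:
                i += 2                   # backslash + two hex digits
            else:
                raise ValueError(f"bad escape at offset {i}: {text[i:i + 3]!r}")
        elif text[i] == sep:
            parts.append(text[start:i])
            start = i + 1
        i += 1
    parts.append(text[start:])
    return parts

def parse_dn(dn):
    """Return [(type, value), ...] for each attribute=value pair, else ValueError."""
    pairs = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):      # multi-valued RDNs
            attr, eq, value = ava.partition("=")
            # Stricter than the RFC on purpose: an empty value is rejected.
            if not eq or not ATTR_TYPE.fullmatch(attr.strip()) or not value:
                raise ValueError(f"not attributeType=value: {ava!r}")
            pairs.append((attr.strip().upper(), value))
    return pairs

def classify_bind_name(name):
    """Label a configured bind identity: 'dn', 'down-level', 'upn' or 'invalid'."""
    try:
        parse_dn(name)
        return "dn"
    except ValueError:
        pass
    if re.fullmatch(r"[^\\/@=,]+\\[^\\/@=,]+", name):
        return "down-level"                        # DOMAIN\user
    if re.fullmatch(r"[^\\/@=,\s]+@[^\\/@=,\s]+", name):
        return "upn"                               # user@domain
    return "invalid"
```

`classify_bind_name("Test\\TVCCUPS")` returns `"down-level"`, while the DN quoted in the reply above is classified as `"dn"`.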